PHP IP Lookups via Quova Neustars IP Intelligence API

These days as a website owner we see tons of malicious activity on our sites daily. From people trying to perform MySQL injections that give them access to sensitive data, to application vulnerabilities, to tons and tons of contact and comment form spam. When it comes to the spam piece you can always put in a CAPTCHA method that verifies its a human and not a bot, but unfortunately some people are willing to pay for these to be solved automatically. The MySQL injections and application security pieces are real important to protecting your content and the server it runs on.
The information available to web owners for every visit they get is limited but with an I.P. address we can do some digging. Sure, the professionals out there who know what they are doing will likely spoof their address by putting a proxy in front of them, but for those who don’t, we can find where they are down to the zip code! One thing I do on some of my sites that get the most traffic is log IP addresses. I want to know what people are requesting and where they are requesting it from. You will notice sometimes long stringed out URL’s with MySQL syntax in them…. This is bad! This means that people are actively trying to exploit your code by doing a MySQL injection.
So how do we find out where they are? Their are several services out there that do I.P. look ups but I am going to go with Quova. Quova was obtained by Neustar in 2012 I believe, and can trace an I.P. address to its geographic extended zip code. It isn’t 100% guarantee to know where the IP is, or have the correct location, but its damn close to it.

Besides security, the Quova service allows online businesses to find out where their customers are located geographically, and where the potential customers are that choose not to checkout with a product in their cart.

Its homepage is here

If you want to try their geo-location lookup services you can try it here:|utmccn=%28organic%29|utmcmd=organic|utmctr=%28not%20provided%29&__utmv=1.InternalUser&__utmk=109280773

One of the biggest downfalls of the service at this time is that it doesn’t support IPV6 but I am sure they are working hard to make it available.

If you wanted to build an application that uses the Neustar IP Intellgence API, you would first need to sign up. A free account only gets you a maximum of 1k queries a day but that may be plenty for some of us out there to get started.

Go here and sign up for a developer account with Quova.

Once you have a developer account, you will get an API key and a secret key that will be needed to hit the API.

While I like the example they to give for PHP on the developer site of Quova, I couldn’t get it to work so I was forced to create my own… which is fine.

//read an ip address from the URL via GET method
$ip = '/' . $_GET['ip'];

//provide our credentials for API

//get current time stamp in epoch
$timestamp = gmdate('U'); // 1200603038

//create our signature by combining time stamp + secret + apikey and MD5 hashing them
$sig = md5($apikey . $secret . $timestamp);

//construct our API URL with the given parameters we just setup
$url = '' . $ip . '?apikey=' . $apikey . '&sig=' . $sig;

//create a SimpleXMLElement object with our URL we just constructed
$xml = new SimpleXMLElement($url, null, true);

echo $xml;


So if we pass an IP in our URL, the script makes a call to the API and returns an XML object containing all the results. Here is an example of the data returned when I did a lookup on a Google IP:

IP Type: 	Mapped	
Organization: 	google inc.	
Carrier: 	google inc.	
ASN: 	15169	
Connection Type: 	ocx	
Line Speed: 	high	
IP Routing Type: 	fixed	
TLD: 	net	
SLD: 	1e100	
Location: 	north america	
Latitude: 	40.75891	
Longitude: 	-73.97902	
Country: 	united states	
Country Code: 	us	
Country CF: 	99	
State: 	new york	
State Code: 	ny	
State CF: 	94	
City: 	new york	
Postal Code: 	10020	
Area Code: 	212	
City CF: 	90

So in conclusion, its a really nice API thats available to anyone with a limit of 1k queries a day… If you see some malicious activity on your site, its nice to be able to trace it back to an *alleged* location. Or if you would like to better market your products to your audience, its nice to follow trends by IP and geographic location so that you can build a strategy to get more leads/sales.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>